Summary: In third week of February,2020, after MSPT, an out-of-bounds (OOB) write vulnerability was observed in Adobe Media Encoder that leads to arbitrary code execution. This vulnerability was observed only for Microsoft Windows platform. Description: Adobe Media Encoder, is a software for encoding and compressing audio or video files. When the untrusted input is processed, … Continue reading “Adobe Media Encoder Out-of-Bounds Write Vulnerability (CVE-2020-3764)”
Remote Desktop Client Remote Code Execution Vulnerability. (CVE-2020-0734, CVE-2020-0681)
Summary: In the month of February,2020, among MSPT, a remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. On account of this vulnerability, an attacker could execute arbitrary code as well as compromise a legitimate server and perform CnC operation. Description: An attacker would need … Continue reading “Remote Desktop Client Remote Code Execution Vulnerability. (CVE-2020-0734, CVE-2020-0681)”
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability Alert (CVE-2020-0618)
Summary: In the month of February,2020, among MSPT, Microsoft SQL Server Reporting Services had to deal with a remote code execution vulnerability. This happens as it incorrectly handles page requests. The SSRS web application allowed low privileged user accounts to run code on the server by exploiting a deserialization issue. Description: As a initial part … Continue reading “Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability Alert (CVE-2020-0618)”
Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)
Summary: In the month of February,2020, among MSPT, Windows Modules Installer Service improperly discloses file information., resulting into an information disclosure vulnerability. Description: Logging onto an affected system and run a crafted application would lead to this information disclosure vulnerability. The TrustedInstaller service running on the Microsoft Windows operating system hosts a COM service called … Continue reading “Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)”
Mozilla Firefox And Firefox ESR Type Confusion Vulnerability
Summary: Mozilla Firefox and Firefox Extended Support Release (ESR) suffer from Type Confusion Vulnerability which could allow for arbitrary code execution. Depending on the privileges of the user, an attacker could install, view, change, or delete data, or create new accounts with full user rights. This issue was assigned under CVE-2019-17026. Description: Recently a Type … Continue reading “Mozilla Firefox And Firefox ESR Type Confusion Vulnerability”
Microsoft Windows Privilege Escalation Vulnerability – CVE-2020-0668
In February 2020 Patch Tuesday, Microsoft released patches for CVE-2020-0668, an elevation of privilege vulnerability that could allow a local authenticated attacker to execute arbitrary code with elevated permissions. Description: It’s an arbitrary file move vulnerability in Service Tracing feature of Windows Operating Systems. This feature provides some basic debug information about running services and … Continue reading “Microsoft Windows Privilege Escalation Vulnerability – CVE-2020-0668”
Intel Processors CacheOut Vulnerability
Summary: Intel(R) Processors suffer from information disclosure vulnerability via Cache Evictions named as CacheOut Vulnerability. An issue was discovered in Intel processors due to Cleanup errors in some data cache evictions that allow an authenticated user to potentially enable information disclosure via local access. This was assigned under CVE-2020-0549. Description: Recently, researchers have discovered vulnerability … Continue reading “Intel Processors CacheOut Vulnerability”
Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)
Summary: Recently, multiple vulnerabilities were observed in Feb,2020 on Cisco’s various devices identified by researcher Barak Hadad of Armis. Out of which few were RCE, among which CVE-2020-3119 is one where an unauthenticated, adjacent attacker can arbitrary code execution. Description: Cisco switches, IP phones, routers and cameras information can be observed using this problematic protocol … Continue reading “Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)”
Linear eMerge E3 Multiple Security Vulnerabilities
Nortek has announced a critical vulnerabilities in Linear eMerge E3-Series. The vulnerabilities exists because the affected product fails to sanitize HTTP request parameter values, which can be used to construct a shell commands. This allows an attacker to execute arbitrary commands on the affected system as a root. Below CVE id’s has been assigned to … Continue reading “Linear eMerge E3 Multiple Security Vulnerabilities”
PhpFileManager 0.9.8 Remote Command Execution Vulnerability(CVE-2015-5958)
Summary: phpFileManager version suffers from a RCE vulnerability that can be executed via cross site request forgery. Product: phpFileManager version 0.9.8 Vulnerability Type: Remote Command Execution CVE Reference: CVE-2015-5958 Description: PHPFileManager is vulnerable to remote command execution and execute operating system commands via GET requests from a victims browser.Once the call to the operating systems … Continue reading “PhpFileManager 0.9.8 Remote Command Execution Vulnerability(CVE-2015-5958)”
